File name: tdat_trustedcontextwithauth.html
Enabling trusted context with authentication for DB2 databases
Enable trusted context in your applications to improve
how the application server interacts with DB2® database
servers. Use trusted connections to preserve the identity records
of clients that connect to a DB2 database
through your applications; trusted connections can provide a more
secure environment by granting access based on the identity of those
users. DB2 provides an option for trusted connections
in which a password is required when the user identity is switched.
You can configure the application server to use trusted connections
with authentication, and plug in your own code to take advantage of
trusted context with authentication.
Before you begin
Refer to the topic on enabling trusted context for DB2 databases
to ensure that trusted connections are properly configured for the
application server.
About this task
If the WITH AUTHENTICATION option is specified when the trusted
context is created, the database requires that you provide an authentication
token with the end user's identity. The database authenticates the
end user and verifies the end user's authorization to access the database
before the database allows any requests to be processed.
The end user's identity must be the RACF® ID.
Procedure
- Set the useTrustedContextWithAuthentication custom property
to true for the DB2 data source.
- Click .
- Click the name of the data source that you want to configure.
- Click Custom properties under
the Additional Properties heading.
- Click New.
- Complete the required fields. Use the following
information:
Name: useTrustedContextWithAuthentication
Value: true
If the useTrustedContextWithAuthentication custom property is
not set to true, the application server provides its own implementation
for reusing DB2 trusted connections without authentication
at run time. In that case you are not required to provide anything
to use the trusted context feature.
- Use the login configuration for TrustedConnectionMapping,
as described in the topic on enabling trusted context for DB2 databases.
- Extend the DataStoreHelper class, and provide the implementation
for the getPasswordForUseWithTrustedContextWithAuthentication method
as described in the topic on developing a custom DataStoreHelper class.
At run time, the application server calls this method to
obtain the password that it must use
to switch the trusted context identity when trusted
context with authentication is enabled. The password that this
method returns is sent to the database when the application server switches
trusted context identities; the application server does not store the password.
The application server calls this
method only if both of the following are true:
- You set the useTrustedContextWithAuthentication data source custom
property to true.
- You use the TrustedConnectionMapping login configuration.
The following is an example of the getPasswordForUseWithTrustedContextWithAuthentication
method:
public String getPasswordForUseWithTrustedContextWithAuthentication(String identityname, String realm)
        throws SQLException
{
    // Customers supply their own implementation that looks up the password for this identity.
    return customersOwnUtility().getPassword(identityname);
}
Avoid trouble: You cannot enable
the useTrustedContextWithAuthentication custom property for the data
source without overriding the getPasswordForUseWithTrustedContextWithAuthentication
method in the DataStoreHelper class to supply the password for switching
the identity on trusted connections. If you do not provide an implementation
of the getPasswordForUseWithTrustedContextWithAuthentication method,
the application server throws an exception with the following
message at run time:
TRUSTED_WITH_AUTHENTICATION_IMPLEMENTATION_ERROR=DSRA7033E: You cannot enable the useTrustedContextWithAuthentication custom property for the data source without overwriting the getPasswordForUseWithTrustedContextWithAuthentication DataStoreHelper.
TRUSTED_WITH_AUTHENTICATION_IMPLEMENTATION_ERROR.explanation=The useTrustedContextWithAuthentication custom property is enabled, but the implementation code for the DataStoreHelper method that will return the password that the application server will use to switch the identity is not provided.
TRUSTED_WITH_AUTHENTICATION_IMPLEMENTATION_ERROR.useraction=Overwrite the getPasswordForUseWithTrustedContextWithAuthentication DataStoreHelper method and provide the implementation code that will return the password, or set the useTrustedContextWithAuthentication custom property for the data source to false.
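The following is an added, self-contained example of the custom DataStoreHelper the procedure above asks for; it is not WebSphere or DB2 product code. The superclass (com.ibm.websphere.rsadapter.DB2UniversalDataStoreHelper) and the overridden method signature are the ones this page describes. The CredentialStore class is a hypothetical stand-in for your own secret store, the realm name in EXPECTED_REALM is an assumed value, and the realm and RACF-ID checks are this example's own policy, not something the product requires. Because the password this method returns is sent to DB2 to switch the identity on a reused trusted connection, the example fails closed (throws SQLException) on any identity it cannot vouch for, logs the identity but never the credential, and scrubs its own copy of the secret.

```java
import java.sql.SQLException;
import java.util.Arrays;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Logger;

import com.ibm.websphere.rsadapter.DB2UniversalDataStoreHelper;

/**
 * Custom DataStoreHelper for DB2 trusted context WITH AUTHENTICATION.
 * Added example, not WebSphere or DB2 product code. CredentialStore is a
 * hypothetical stand-in for the site's secret store; EXPECTED_REALM is an
 * assumed realm name; the realm and RACF-ID checks are this example's policy.
 */
public class TrustedContextAuthDataStoreHelper extends DB2UniversalDataStoreHelper {

    private static final Logger LOG =
            Logger.getLogger(TrustedContextAuthDataStoreHelper.class.getName());

    /** Only identities from this realm are eligible for a switch (assumed value). */
    private static final String EXPECTED_REALM = "defaultWIMFileBasedRealm";

    public TrustedContextAuthDataStoreHelper(Properties props) {
        super(props);
    }

    /**
     * Called by the application server, when useTrustedContextWithAuthentication
     * is true and the TrustedConnectionMapping login configuration is in use,
     * each time it switches the identity on a reused trusted connection. The
     * returned password goes to DB2 with the end user's RACF ID; the server
     * does not retain it.
     */
    @Override
    public String getPasswordForUseWithTrustedContextWithAuthentication(String identityname, String realm)
            throws SQLException {
        // Refuse anything that is not a RACF ID from the expected realm. Throwing
        // makes the identity switch fail closed rather than fall back silently.
        if (identityname == null || !isRacfId(identityname) || !EXPECTED_REALM.equals(realm)) {
            LOG.warning("Refusing trusted context switch for identity '" + identityname
                    + "' in realm '" + realm + "'");
            throw new SQLException("Identity is not eligible for a trusted context switch");
        }

        char[] secret = CredentialStore.lookup(identityname);
        if (secret == null) {
            // Log the identity, never the credential.
            LOG.warning("No credential on record for RACF ID '" + identityname + "'");
            throw new SQLException("No credential on record for identity");
        }
        try {
            return new String(secret);
        } finally {
            Arrays.fill(secret, '\0'); // scrub our copy; the server sends the String to DB2
        }
    }

    /** Sanity check: RACF user IDs are 1 to 8 upper-case alphanumerics or @ # $. */
    static boolean isRacfId(String id) {
        return id.matches("[A-Z0-9@#$]{1,8}");
    }

    /**
     * Hypothetical credential source. A real deployment would call a vault or
     * key store here; this in-memory map exists only so the example compiles.
     * It is seeded from a system property so that no password lives in code.
     */
    static final class CredentialStore {
        private static final Map<String, char[]> ENTRIES = new ConcurrentHashMap<>();
        static {
            // Constructed sample entry: -Dexample.appusr01.pw=... at JVM start.
            String pw = System.getProperty("example.appusr01.pw");
            if (pw != null) {
                ENTRIES.put("APPUSR01", pw.toCharArray());
            }
        }
        static char[] lookup(String racfId) {
            char[] stored = ENTRIES.get(racfId);
            return stored == null ? null : stored.clone(); // hand out a copy the caller can scrub
        }
    }
}
```

Register the class as the data source's DataStoreHelper (as described in the topic on developing a custom DataStoreHelper class) and keep the credential lookup it performs tightly scoped and audited: whatever store this method reads from can produce the password of every end user the application switches to, so it is a higher-value target than the data source's own authentication alias.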